<?
/*
 * Copyright 2004-2005 Sigve Indregard.
 *
 * This file is part of Laivsys.
 *
 * Laivsys is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Laivsys is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Laivsys; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

/*
 * $Id: normauth.php 6 2005-07-11 23:14:47Z say $
 */
 
/*******************
 *
 * normauth.php
 * included thru require
 * needs an active mysql conn
 *
 *******************/
include_once("laivid.php");

$arr=getLaiv();
$laivid=$arr['ID'];

if ( !empty($_REQUEST['logout']) && $_REQUEST['logout'] == 'true') {
	logout();
	die();
} else {
	if ( empty($_SESSION) || $_SESSION['AuthStatus'] != 'Authorized') {
		if ($_REQUEST['process'] == 'true') {
			$user=mysql_escape_string($_REQUEST['Brukernavn']);
			$pass=mysql_escape_string($_REQUEST['Passord']);
			if ( !empty($user) && !empty($pass) ) {
				$sql="SELECT * FROM Deltakere WHERE Brukernavn='$user' AND Passord=PASSWORD('$pass') AND LaivID=$laivid";
				$resultat=mysql_query($sql) 
					or die("Feil i databaseforbindelse eller setning. ".mysql_error());

				if (mysql_num_rows($resultat)) {
					$fields=mysql_fetch_assoc($resultat);
					$_SESSION['AuthStatus'] = 'Authorized';
					$_SESSION['User'] = $user;
					$_SESSION['UserID'] = $fields['ID'];

					$sql="INSERT INTO loginlog (deltakerID, tidspunkt) VALUES (".$fields['ID'].", NOW())";
					mysql_query($sql);
				} else {
					errorscreen("Feil brukernavn og/eller passord");
					die();
				}
			} else {
				errorscreen("Du m� fylle ut b�de brukernavn og passord");
				die();
			}
		} else {
			loginscreen();
			die();
		}
	}
}

//errorscreen
function errorscreen ($errmsg) {
	$sidetittel="En feil oppstod";
	include("top.php")	
	?>
	<div class="headline">Feil!</div>
	<div class="text">
	En feil oppstod:<p>
	<div style="background: white;border:2px solid red;padding:10px">
	<?=$errmsg?>
	</div>
	<?
	include("bottom.php");
}
//loginscreen
function loginscreen () {
	$sidetittel="Logg inn";
	include("top.php")	
	?>
	<div class="headline">Logg inn</div>
	<div class="text">
	<form method="post" action="<?=$_SERVER['REQUEST_URI']?>">
	<input type="hidden" name="process" value="true">
	<p><b>Brukernavn:</b><br>
	<input name="Brukernavn" size="10"><br>
	<p><b>Passord:</b><br>
	<input name="Passord" size="10" type="password"><br>
	<p><input type="submit" value="Logg inn">
	</form>
	</div>
	<?
	include("bottom.php");
}
//logout
function logout () {
	unset($_SESSION['User']);
	unset($_SESSION['UserID']);
	unset($_SESSION['AuthStatus']);
	
	$sidetittel="Logget ut";
	include("top.php")	
	?>
	<div class="headline">Logget ut</div>
	<div class="text">
	Du er n� logget ut.<p>
	<a href="/arrangementer/cms/arrindex.php">Tilbake til arrangementssiden</a>
	</div>
	<?
	include("bottom.php");
}
?>
